The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States – United States Department of State

The United States strongly condemns the malicious cyber activity by Russia’s General Staff Main Intelligence Directorate (GRU), also known as APT28, against Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden. We join Germany in holding accountable the specific lethal activity conducted by APT28, which targeted a German political party.

APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, is a well-known threat actor with a long history of engaging in malicious, nefarious, destabilizing, and disruptive behavior. The United States has previously indicted and sanctioned actors associated with APT28 for engaging in a wide range of lethal cyber activities, including cyber activities aimed at interfering in the 2016 U.S. presidential elections and targeting global anti-Semitism. This includes continuing hack-and-leak operations. Doping Agency (WADA) whose aim was to undermine the integrity of the organization and create doubt in it.

The US Department of Justice has worked with Germany to repair a network of hundreds of small office/home office routers that APT28 used to hide and carry out malicious activity, including the CVE-2023-23397 exploit, against targets in Germany. Had been. The DOJ’s action prevented the GRU from regaining access to the treated devices.

As all UN member states have confirmed, Russia’s pattern of behavior clearly disregards the framework of responsible state behavior in cyberspace. The United States is committed to protecting our allies and partners and maintaining the rules-based international order, including in cyberspace. We call on Russia to stop this malign activity and abide by its international commitments and obligations. Together with the EU and our NATO allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable.